<?php
/******************************************************* *   Copyright (C) 2007  http://p3net.net    This program is free software; you can redistribute it and/or modify    it under the terms of the GNU General Public License as published by    the Free Software Foundation; either version 2 of the License, or    (at your option) any later version.    This program is distributed in the hope that it will be useful,    but WITHOUT ANY WARRANTY; without even the implied warranty of    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the    GNU General Public License for more details.    You should have received a copy of the GNU General Public License along    with this program; if not, write to the Free Software Foundation, Inc.,    51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
    
    @id: $Id: session.php 8 2007-07-27 20:56:25Z p3net.tech $
*********************************************************/
/********************************************************
The name here is a bit of a misnomer. The session class
handles all user-interaction related processes -- both
interaction between user and server and interaction
between user and user
**********************************************************/
class session
{
    function create()
    {
    	/* We don't have a session and aren't logged in. Let's create it */
    	$id = md5(time() . rand(1,1000));
   		/* Check to make sure it's unique */
    	$_query="INSERT INTO `sessions` VALUES('" . $id . "', '-1', '" . $REMOTE_ADDR . "', '" . time() . "')";
    	$db->query($_query);
    	$_COOKIE["session_id"] = $id;
    }
    function check()
    {
    	/* We need to check if a session exists by looking for the session cookie. If that's not there,
    	   then we return false (since the user isn't logged in). We also match the IP */
    	$ip = $REMOTE_ADDR;
    	$_query = "SELECT * FROM `sessions` WHERE `ip` = '" . $ip . "'";
    	$res = $db->query($_query);
    	if(mysql_num_rows($res) == 0)
    	{
    		$session->create();
    	}
    	else
    	{
    		/* Get an array of our session info */
    		$res = $db->fetch_array($res);
    		if($res['id'] != $_COOKIE["session_id"])
    		{
    			$session->create();
    		}
    		else
    		{
    			foreach($res as $key => $value)
    			{
    				$user->data[$key] = $value;
    			}
    			/* Update our updated time */
    			$_query="UPDATE `sessions` SET `last_update` = '" . time() . "' WHERE `id` = '" . $user->data['id'] . "' LIMIT 1";
    			$db->query($_query);
    		}
   		}
    	/* We also need to get rid of users who haven't done anything in the last half-hour */
    	$_query = "DELETE * FROM `sessions` WHERE `last_update` < " . (time() - (60*30));
    	$db->query($_query);
    }
    function logged_in()
    {
    	if($user->data['id'] != "-1")
    	{
    		return true;
    	}
    	else
    	{
    		return false;
    	}
    }
    function login($user_id)
    {
    	$session->check();
    	if($session->logged_in())
    	{
    		/* Wait - what? */
   			$error->general("Already logged in", "Session already populated");
    	}
    	else
    	{
    		$_query = "UPDATE `sessions` SET `user_id` = '" . $user_id . "' WHERE `id` = '" . $_COOKIE["session_id"] . " LIMIT 1";
    		$db->query($_query);
    		/* Run the session check again. It'll make the row and populate $user->data */
    		$session->check();
    	}
    }
    function logout()
    {
    	if($session->logged_in())
    	{
    		$_query = "UPDATE `sessions` SET `user_id` = '-1' WHERE `id` = '" . $user->data['id'] . "' AND `ip` = '" . $user->data['ip'] . "' LIMIT 1";
    		$db->query($_query);
    		$user->data = null;
    	}
    	else
    	{
    		$error->general('Not logged in', 'User ID = -1');
    	}
    }
    function is_friend($id)
    {
    	if(!$user->logged_in())
    	{
    		return false;
    	}
    	else
    	{
    		$_query = "SELECT * FROM `friends` WHERE `party_1` = '" . $user->data['user_id'] . "' AND AND `party_2`='" . $id . "' AND `accepted`='1'";
    		$_query = $db->query($_query);
    		if(mysql_num_rows($_query) > 0)
    		{
    			return true;
    		}
    		else
    		{
    			$_query = "SELECT * FROM `friends` WHERE `party_2` = '" . $user->data['user_id'] . "' AND `party_1`='" . $id . "' AND `accepted`='1'";
    			$_query = $db->query($_query);
    			if(mysql_num_rows($_query) > 0)
    			{
    				return true;
    			}
    			else
    			{
    				return false;
    			}
    		}
    	}
    }
    function action($action, $who="")
    {
    	/*List of actions:
    	1. Updated Space
    	2. Left you a comment
    	3. Left a comment on one of your pictures
    	4. Uploaded a picture
    	5. Added you as a friend
    	6. New blog post
    	7. Left you a comment on a blog post
    	8. Joined a group
    	9. Created a group */
    	$_query="INSERT INTO `actions` VALUES('" . time() . "', '" . $user->data['user_id'] . "', '" . $action . "', '" . $who . "')";
    	$db->query($_query);
    	return true;
    }
    function add_friend($id)
    {
    	if(!$user->logged_in())
    	{
    		$error->general("Not logged in", "Add as friend");
    	}
    	else
    	{
    		if($user->is_friend($id))
    		{
    			$error->general("Already friend", "Add as friend");
    		}
    		else
    		{
    			$_query = "SELECT * FROM `friends` WHERE `party_1`='" . $user->data['user_id'] . " AND `party_2`='" . $id . "'";
    			$_query=$db->query($_query);
    			if(mysql_num_rows($_query) > 0)
    			{
    				$error->general("Already added as friend, awaiting acception", "Add as friend");
    			}
    			else
    			{
    				$_query = "SELECT * FROM `friends` WHERE `party_2`='" . $user->data['user_id'] . " AND `party_1`='" . $id . "'";
    				$_query=$db->query($_query);
    				if(mysql_num_rows($_query) > 0)
    				{
    					$error->general("User has already added you as a friend. Accept them in your friend control panel.", "Add as friend");
    				}
    				else
    				{
    					$_query="INSERT INTO `friends` VALUES('" . $user->data['user_id'] . "', '" . $id . "', '0'";
    					$db->query($_query);
    					$message->thank("adding this user as your friend. You will be alerted when they accept you as a friend.", "to go back", "javascript:history.go(-1)");
    				}
    			}
    		}
    	}
    }
    function accept_friend($id)
    {
    	$_query="UPDATE `friends` SET `accepted`='1' WHERE `party_2`='" . $data->user['user_id'] . "' AND `party_1='" . $id . "' LIMIT 1";
    	$db->query($_query);
    	$user->action(5, $id);
    }
    function can_view($id)
    {
    	/*We're simply checking whether or not we have the permissions to view this space */
    	/*First we need to figure out what the space privacy setting is*/
    	$_query="SELECT `privacy` FROM `users` WHERE `id`='" . $id . "' LIMIT 1";
    	$_query=$db->query($_query);
    	$_query=$db->fetch_array($_query);
    	$res=$_query['privacy'];
    	if($res == '0')
    	{
    		/*All users can view this space*/
    		return true;
    	}
    	else
    	{
    		/*We need to check if we're they're friend*/
    		if($session->is_friend($id))
    		{
    			return true;
    		}
    		else
    		{
    			return false;
    		}
    	}
    }
    function add_comment($id)
    {
    	if($session->is_friend($id))
    	{
    		/*Okay, we have permission to leave this comment*/
    		foreach($_POST as $key => $value)
    		{
    			$var[$key] = mysql_real_escape_string($value);
    		}
    		$_query="INSERT INTO `comments` VALUES('', '" . time() . "', '" . $user->data['user_id'] . "', '" . $id . "', '" . $var['body'] .
    			"'";
    		$db->query($_query);
    		$session->action('2', $id);
    	}
    }
    function get_username($id)
    {
    	$_query="SELECT `display_name` FROM `users` WHERE `id`='" . $id . "'";
    	$_query=$db->query($_query);
    	$res=$db->fetch_array($_query);
    	return $res['display_name'];
    }
    function add_image_comment($id)
    {
    	$owner = "SELECT `owner` FROM `images` WHERE `id`='" . $id . "'";
    	$owner = $db->query($owner);
    	$owner = $db->fetch_array($owner);
    	$owner = $owner['owner'];
    	if($session->is_friend($owner)
    	{
    		foreach($_POST as $key => value)
    		{
    			$var[$key] = mysql_real_escape_string($value);
    		}
    		$_query="INSERT INTO `image_comments` VALUES('', '" . $id . "', '" . time() . "', '" . $user->data['user_id'] . "', '" . $var['comment'] . "'";
    		$db->query($_query);
    	}
    }
    function generate_timestamp($time)
    {
    	if($session->logged_in())
    	{
    		$_query="SELECT `time_offset` FROM `users` WHERE `id`='" . $user->data['user_id'] . "'";
    		$_query=$db->query($_query);
    		$_query=$db->fetch_array($_query);
    		$offset=$_query['time_offset'];
    		
    		$diff = $offset * 60 * 60;
    	}
    	$time = $time + $diff;
    	return date('m/d/Y G:i:s', $time);
    }
}
?>